What if | have questions about 


HIPAA? 

If you have questions regarding HIPAA, 
you can contact the covered entity state 
agencies at the following telephone 
numbers: 


Resources: 


HIPAA Administrative Simplification 
Statute and Rules 


https:/Awww.hhs.gov/hipaa/for-professionals/ 


HIPAA 


Department of Conservation 
573-751-4115 


Department of Elementary and 
Secondary Education 
573-751-3527 


Department of Health and 
Senior Services 
573-751-6005 


Department of Mental Health 
573-751-4122 


Department of Social Services 
573-751-3229 


Department of Transportation 
573-526-0138 
877-863-9406 (Toll free) 


Missouri Consolidated 
Health Care Plan 
573-751-8881 
800-487-0771 (Toll Free) 


Missouri Veterans Commission 
573-751-3779 


health.mo.gov 


index.html 


U.S. Department of Health and Human 
Services, Office of Civil Rights 


https://www.hhs.gov/hipaa/index.html 


Missouri Department of Health 
and Senior Services 


https://health.mo.gov/information/hipaa/ 


Missouri 


Department of Health 
and Senior Services 


Missouri Department of Health 
and Senior Services 
P.O. Box 570 
Jefferson City, MO 65102 


Alternate forms of this publication for persons with 
disabilities may be obtained by contacting the Missouri 
Department of Health and Senior Services at 
573-751-6005. 


An EO/AA employer: Services provided on a 
nondiscriminatory basis. Individuals who are deaf, 
hard-of-hearing, or have a speech disability can dial 
711 or 1-800-735-2966. 


Keeping it... 


TDEN TIAL: 


CON 


What EVERY 


Missouri Legislator 
Needs to Know! 


In 1996, Congress passed the 
Health Insurance Portability and 
Accountability Act (HIPAA), Public 
Law 104-191, to improve the health 
care system in the United States and 
to utilize efficiencies created through 
the use of electronic transactions. 


To implement the statute, the U.S. 
Department of Health and Human 
Services has published a series of 
rules including: 


¢ Privacy Rule 
Governing the confidentiality of 
protected health information. 


¢ Transactions and Code Set Rule 
Governing the electronic transmission 
of health information and standardizing 
the billing codes for services. 


e Security Rule 
Governing the security and 
confidentiality of health information in 
electronic form. 


e National Provider Identifier Rule 
Establishing a system for uniquely 
identifying all covered health care 
providers. 


¢ The Health Information Technology 
for Economic and Clinical Health 
(HITECH) Act 
Strengthens the privacy and security 
protections for health information 
established under HIPAA. 


¢ Enforcement Rule 
Provides standards for the enforcement 
of all the Administrative Simplification 
Rules. 


Who does HIPAA apply to? 

The HIPAA rules apply to individuals or 
organizations that are determined to be 

a “Covered Entity”. A covered entity must 
comply with the HIPAA rules/regulations. 
Many state departments/agencies in Missouri 
are covered entities (all or part of the 
department/agency). 


Key HIPAA Terms 


Covered Entity 

A health plan, health care clearinghouse, or 
health care provider who transmits any health 
information in electronic form in connection 
with transactions for which HHS has adopted 
standards. 


Protected Health Information (PHI) 
All individually identifiable health information 
held or transmitted by a covered entity or its 
business associate, in any form or media, 
whether electronic, paper, or oral. 


Public Health Authority 

An agency or authority of the United States, 
a State, a territory, a political subdivision 

of a State or territory, or an Indian tribe, or 
a person or entity acting under a grant of 
authority from or contract with such public 
agency, including the employees or agents 
of such public agency or its contractors or 
persons or entities to whom it has granted 
authority, that is responsible for public health 
matters as part of its official mandate. 


Authorization 

Detailed document containing the required 
elements of the Privacy Rule, completed 
by the individual authorizing a covered 
entity to disclose specified protected health 
information to a third party for specified 
purposes. 


How does HIPAA Directly Affect 


Missouri Legislators? 

One way that Missouri legislators might be 
affected by HIPAA is in the area of constituent 
services. For example, if a constituent asks 
you to look into the health care services 

he or she receives from a covered entity 
state agency, he or she will need to fill 

out a HIPAA- compliant authorization 
form. Without this authorization from the 
constituent, covered entity agencies may not 
be legally permitted to share protected health 
information about your constituent with you. 


DHSS HIPAA Compliant Authorization 
form is available at: https://health.mo.gov/ 
information/hipaa/pdf/Authorization.pdf 


Contact the specific agency for assistance 
in obtaining and properly completing the 
authorization form. 


